New Detections
- Added new detection for kubernetes_gcp_detect_most_active_service_accounts_by_pod.yml
- Added new detection for kubernetes_gcp_detect_RBAC_authorizations_by_account.yml
- Added new detection for kubernetes_gcp_detect_sensitive_object_access.yml
- Added new detection for kubernetes_gcp_detect_sensitive_role_access.yml
- Added new detection for kubernetes_gcp_detect_service_accounts_forbidden_failure_access.yml
- Added new detection for kubernetes_gcp_detect_suspicious_kubectl_calls.yml
Updates
- Updated the search processes_created_by_netsh.yml to exclude a process known to create false positives. Thank you Murali from Xilinx.
Fixed Issues
- Fixed bug with detection Previously Seen Running Windows Services.
- Fixed bug with API for upper-case detections. Thank you Nick Roy for reporting.
- Fixed bug with spectre_and_meltdown_vulnerable_systems.yml detection data model.
- Fixed bug with processes_launching_netsh.yml detection. Thank you Josef Kuepker.
Other
- Added automated testing capabilities via CI under the tests folder.
- Added MITRE tagging for cloud detections.